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Abstract. We consider feasibility of linear integer programs in the con¬ 
text of verification systems such as SMT solvers or theorem provers. Al¬ 
though satisfiability of linear integer programs is decidable, many state- 
of-the-art solvers neglect termination in favor of efficiency. It is challeng¬ 
ing to design a solver that is both terminating and practically efficient. 
Recent work by Jovanovic and de Moura constitutes an important step 
into this direction. Their algorithm CUTS AT is sound, but does not ter¬ 
minate, in general. In this paper we extend their CUTSAT algorithm by 
refined inference rules, a new type of conflicting core, and a dedicated rule 
application strategy. This leads to our algorithm CUTSAT+-f, which 
guarantees termination. 
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1 Introduction 

Historically, feasibility of linear integer problems is a classical problem, which has 
been addressed and thoroughly investigated by at least two independent research 
lines: (i) integer and mixed real integer linear programming for optimization EE 
(ii) first-order quantifier elimination and decision procedures for Presburger 
Arithmetic and corresponding complexity results |19I4I9I17I6I7I2012II3II10I11I21I16I 
We are interested in feasibility of linear integer problems, which we call simply 
problems , in the context of the combination of theories, as they occur, e.g., in the 
context of SMT solving or theorem proving. From this perspective, both these 
research lines address problems that are too general for our purposes: with the 
former, the optimization aspects go considerably beyond pure feasibility. The 
latter considers arbitrary Boolean combinations of constraints and quantifier 
alternation or even parametric problems. 

Consequently, the SMT community has developed several interesting ap¬ 
proaches on their own mm .These solvers typically neglect termination and 
completeness in favour of efficiency. More precisely, these approaches are based 
on a branch-and-bound strategy, where the rational relaxation of an integer prob¬ 
lem is used to cut off and branch on integer solutions. Together with the known 
a priori integer bounds | 18 ] for a problem this yields a terminating and complete 
algorithm. However, these bounds are so large that for many practical problems 
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the resulting branch-and-bound search space cannot be explored in reasonable 
time. Hence, the a priori bounds are not integrated in the implementations of 
the approaches. 

On these grounds, the recent work by Jovanovic and de Moura [13114] . al¬ 
though itself not terminating, constitutes an important step towards an algo¬ 
rithm that is both efficient and terminating. The termination does no longer 
rely on bounds that are a priori exponentially large in the occurring parameters. 
Instead, it relies on structural properties of the problem, which are explored by 
their OUTSAT algorithm. The price for this result is an algorithm that is by 
far more complicated than the above-mentioned branch-and-bound approach. In 
particular, it has to consider divisibility constraints in addition to inequalities. 

Our interest in an algorithm for integer constraints originates from a pos¬ 
sible combination with superposition, e.g., see [8J. In the superposition context 
integer constraints are part of the first-order clauses. Variables in constraints 
are typically unguarded, so that an efficient decision procedure for this case is a 
prerequisite for an efficient combined procedure. 

Our contribution is an extension and refinement of the OUTSAT algorithm, 
which we call CUTSAT++. In contrast to OUTSAT, our CUTSAT++ generally 
terminates. The basic idea of both algorithms is to reduce a problem contain¬ 
ing unguarded integer variables to a problem containing only guarded variables. 
These unguarded variables are not eliminated. Instead, one explores the un¬ 
guarded variables by adding constraints on smaller variables to the problem, with 
respect to a strict total ordering where all unguarded variables are larger than all 
guarded variables. After adding sufficiently many constraints, feasibility of the 
problem only depends on guarded variables. Then a CDCL style algorithm tests 
for feasibility by employing exhaustive propagation. The most sophisticated part 
is to turn an unguarded variable into a guarded variable. Quantifier elimination 
techniques, such as Cooper elimination [4], do so by removing the unguarded vari¬ 
able. In case of Cooper elimination, the price to pay is an exponentially growing 
Boolean structure and exponentially growing coefficients (see Section Since 
integer linear programming is NP-complete, all algorithms known today can not 
prevent such a kind of behavior, in general. Since Cooper elimination does not 
care about the concrete structure of a given problem, the exponential behavior 
is almost guaranteed. The idea of both CUTSAT and CUTSAT+-1- is therefore 
to simulate a lazy variation of Cooper elimination. This leaves space for model 
assumptions and simplification rules in order for the algorithm to adapt to the 
specific structure of a problem and hence to systematically avoid certain cases 
of the worst-case exponential behavior observed with Cooper elimination. 

The paper is organized as follows. After fixing some notation in Section[2l we 
present three examples for problems where CUTSAT diverges. The divergence 
of CUTSAT can be fixed by respective refinements on the original CUTSAT 
rules. However, in a fourth example the combination of our refinements results 
in a frozen state. Our conclusion is that CUTSAT lacks, in addition to our 
rule refinements, a third type of conflicting cores, which we call diophantine 
conflicting core. Theorem [5] in Section [3] actually implies that any procedure 
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that is based on what we call weak Cooper elimination needs to consider this 
type of conflicting core for completeness. In Sections 0][5j we refine the inference 
rules for the elimination of unguarded variables on the basis of our results from 
Section [3] and show their soundness, completeness, and termination. We finally 
give conclusions and point at possible directions for future research. 

2 Motivation 

We use variables x, y , z, k, possibly with indices. Furthermore, we use integer 
constants a, b , c, d, e, l , v, u , linear polynomials p, q , r, s, and constraints I, J 
possibly with indices. As input problems , we consider finite sets of constraints C 
corresponding to and sometimes used as conjunction over their elements. Each 
constraint I is either an inequality a n x n + ... + a±Xi + c < 0 or a divisibility 
constraint d \ a n x n + ... + a\X\ + c. We denote coeff(/, Xi) = cq £ Z. vars(C) 
denotes the set of variables occurring in C. We sometimes write C(x) in order 
to emphasise that x £ vaxs(C(x)). A problem C is satisfiable if 3X : C holds, 
where X = vars(C). For true we denote T and for false we denote _L. Since 
d | cx + s = d | —cx — s, we may assume that c > 0 for all d | cx + s £ C. 
A variable x is guarded in a problem C if C contains constraints of the form 
x — u x <0 and — x + l x <0. Otherwise, x is unguarded in C. Note that guarded 
variables are bounded as defined in m but not vice versa. A constraint is guarded 
if it contains only guarded variables. Otherwise, it is unguarded. 

Our algorithm CUTSAT++ aims at deciding whether or not a given problem 
C is satisfiable. It either ends in the state unsat , or in a state (v, sat) where v is 
a satisfiable assignment for C. In order to reach one of those two final states, the 
algorithm produces lower bounds x > b and upper bounds x < b for the variables 
in C. The produced bounds are stored in a sequence M = [71 ,..., y n ], which 
describes a partial model. The empty sequence is denoted by [|. We use [M, 7 ] 
and [Mi, M 2 ] to denote the concatenation of a bound 7 at the end of M, and 
M 2 at the end of Mi, respectively. 

By lower(a;, M) = b and upper(x, M) = b we denote the value b of the 
greatest lower bound x > b and the least upper bound x < b for a variable x 
in M, respectively m- If there is no lower (upper) bound for x in M, then 
lower(cc,M) = —00 (upper(cc,M) = 00 ). The definitions of upper and lower are 
extended to polynomials as done in jl4l . 

A state in CUTSAT++ is of the form S = (M, C) or S = (M, C) b /, or 
is one of the two final states (u, sat), unsat |14j . The initial-state for a problem 
C is ([],C). For a state S = (M, C)(h I), inequality p < 0 is a conflict if 
lower(p, M) > 0. For a state S = (M,C)( b /), divisibility constraint d \ ax + p 
is a conflict if all variables in p are fixed, and d\ ab + lower(p, M) for all b with 
lower(cc,M) <b< upper(x, M). In a state S = (M,C) b I, the constraint I is 
always a conflict. 

The partial model M of a state (M, C) (b I) is complete if all variables x in 
C are fixed, in the sense that upper(a:, M) = lower(x, M). In this case, we define 
v[M] as the assignment that assigns to every variable x the value lower(a;, M). 
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With val(p, M) = lowerfp, M) we denote the value assigned to a fixed polynomial 
p , i.e., val(p, M) is only defined if all variables occurring in p are fixed in M. A 
state is frozen if it is not a final state and no rule is applicable. 


Our CUTSAT++ algorithm is defined as a transition system consisting of 
the following rules: 

Decide 


(M,C) =^cs ([M,x>b],C) 


if f upper (a:, M) ± +oo, 

| lower(x, M) < b = upper (a:. M) 


(M, C) =* cs ([M,x<b],C) 

Propagate 


(M,C) => cs ([M ,x >i b\,C) 


f lower(x, M) ^ —oo, 

| lower(x, M) = b < upper (a:. M) 


if 


J £ C is an inequality, 
coeff(J, x) < 0, 

< improves(J, x, M), 
b = bound( J, x, M), 

_ I = tight (J, x, M) 


(M, C) =^ cs (lM,x<!blC) 


Propagate-Div 

(M,C) => cs ([M,x> 7 c],C> 


if 


J £ C is an inequality, 
coeff(J, x) > 0, 

< improves 
b = bound( J, x, M), 

_ I = tight (J, x, M) 


! D = (d | ax + p) £ C, val(p, M) = k, 
b = lower(x, M) , d \ ab + k, 
c = bound(D, x, M ), c < upper(x, M), 
I = div-derive(D, x, M) 


(M, C) =»as<[M,x</c],C7) 

Conflict 


! D = (d | ax + p) £ C, val(p, M) = k, 
b = upper(x, M), d \ ab + k, 
c = bound(D, x, M),c > lower(x, M), 
I = div-derive(D, x, M) 


(M, C) =^ cs (M,C)h P <0 

Conflict-Div 

(M,C) =^ cs (M, C) \~ I 


{M, C) =^ cs (M, C)\- I 


if P < 0 £ C, lower(p, M) > 0 

! J = (d | ax + p) £ C, val(p, M) = k, 
b = lower(x, M), d\ ab + k, 
bound(J, x,M) > upper(x, M), 

I = div-derive( J, x, M) 

! J = (d \ ax + p) £ C, val(p, M) = k, 
b = upper(x, M), d { ab + k, 
bound (J, x,M) < lower(x, M), 

I = div-derive( J, x, M) 
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Unsat-Div 

(M,C) 

Sat 

(M,C) 

Forget 

(M, C U { J}) 

Slack-Intro 

(M,C) 

Resolve 


unsat 

if i 

a | aixi -t-... -t- a n x n -t- c t o, 
gcd(d, ai,..., a n ) f c 

(u[M], sat) 

if v 

[M] satisfies C 

(M,C) 

if U bz J, and J ^ C 



' (M , (7) is stuck, 



x is stuck, 

(M, C U C s ) 

if < 

xs is the slack-variable, 


C s = {-xs < 0, X - xs < 0, 
—x — xs < 0 } 


({M, 7]> C) b I => cs (M, C) b resolve( 7 , 1) 

Skip-Decision 

([M, 7 ],U)bp<0 =^ cs (M, C) \~ p <0 

Unsat 


if 7 is an implied bound 


if 


J 7 is a decided bound, 
\ lower(p, M) > 0 


(M, C) b b < 0 => cs unsat 

Backjump 


([M, 7 , M%C) b J =^ cs <[M ,x >i bj,C) 


if b > 0 


if 


7 is a decided bound, 
coeff( J, x ) < 0, 
improves( J, x, M), 

I = tight( J, x, M), 

_ 6 = bound( J, x, M) 


<[M, 7 , M'], C) b J =^cs ([M, x < 7 6], C) 


Learn 


if 


7 is a decided bound, 
coeff(J, x) > 0 , 

< improves (J, x, M ), 

/ = tight(J, x, M), 

_ b = bound(J, x, M) 


(M, C) b I 


(M, C U {/}) b / 


if J£<7 
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Solve-Div-Left 


(M,C) 


(M, C) 


Solve-Div-Right 


(M,C) 


(AT, C) 


Resolve-Cooper 


(M, C) =^ cs (M'CU R k U R c ) 


if 


divisibility constraints I\,l 2 £ C, 
x is top in Ii and I 2 , 
x is unguarded, 

all other vars. in Ii,I 2 are fixed, 

2 ) = div-solve(*,/i,/ 2 ), 

c = c\{h,i 2 }u{n,%}, 

I 2 is not a conflict 


if 


divisibility constraints Ii,I 2 £ C, 
x is top in I\ and I 2 , 
a: is unguarded, 

all other vars. in Ii,I 2 are fixed, 

< (I[,I' 2 ) = div-solve(x,/i,/ 2 ), 

C' = C\{h,I 2 }U {/(,/'}, 

I 2 is a conflict, 
y = top(J^), 

M' = prefix(M, y) 


if 


r (x, C) is a conflicting core, 
x is unguarded, 

all z ^ x are fixed and C C C, 

< if J £ C is a conflict, then top(J) ^ x, 
cooper(x, C") = (R k ,R c ), 
y = min/ GRc {top(J)}, 

M ' = prefix(M, y) 


CUTSAT [2] includes all of the rules of CUTSAT+-1- except for the rules 
Solve-Div-Left, Solve-Div-Right, and Resolve-Cooper, which are explained in 
more detail in Section [4] 


Via applications of the rule Decide, CUTSAT++ adds decided bounds x < b 
or x > b to the sequence M in search-state S [14] . A decided bound gener¬ 
ally assigns a variable x to lower(x,M) or upper (x,M). Via applications of the 
propagation rules, CUTSAT-)—|- adds propagated bounds x >j b or x </ b to the 
sequence M, where / is a generated constraint propagating the bound. To this 
end the function bound(J, x,M) computes the strictest bound value b and the 
function tight (J,x,M) computes the corresponding justification I for constraint 
J under the partial model M jl4j. For an inequality J, bound(J, x, M) is defined 
as follows: 


bound(ax + p < 0, x, M ) 


r 

lower (p,M) 

1 

a 

1 

lower (p,M) 

l 

L » J 


if a > 0, 


if a < 0. 


Whenever a > 0, J propagates only upper bounds for x. Whenever a < 0, J prop¬ 
agates only lower bounds for x. For a divisibility constraint D, bound(D, x, M) 
is defined as follows: 
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s 

'dp 



a 

bound(d | ax + p, x, M) = < 


d\ |-fc 


< 

a 


if b = lower(x, M), 


if b = upper(x, M), 


where a > 0, d > 0, all variables in p are fixed, and lower(p) = k. Whenever 
we choose b = lower(x, M) in the above function, D propagates a lower bound. 
Whenever we choose b = upper(x, M ) in the above function, D propagates an 
upper bound. The bound value bound(.D, x, M) for divisibility constraint D is 
computed in such a way that CUTSAT++ never skips a satisfiable solution for 
D : 


Lemma 1. Let D = d \ ax+p be a divisibility constraint with a > 0. Let (M, C) 
be a state where the polynomial p is fixed. Let bound(d | ax + p, x, M) denote 
a lower bound value. (1) Then it holds for all e £ {lower(x, M), ..., bound(d | 
ax + p, x, M) — 1} that d\ ae + lower(p, M). Otherwise, bound(d | ax+p, x, M) 
denotes an upper bound value: (2) Then it holds for all e £ {bound(d | ax + 
p, x, M, <) + 1,..., upper(a;, M)} that d \ ae + lower(p, M). 


Proof. We only prove the case that bound(d | ax+p, x, M) denotes a lower 
bound. The proof for the second case is analogous. Assume for a contradiction 
that there exists an e £ {lower(x, M),..., bound(d | ax+p, x, M) — 1} such that 
d | ae + lower (p,M) holds. Since d \ ae + lower (p,M), it holds that |~ ae J~ fc ] = 

= e. Since lower(x, M) < e, it holds that 


an d 

a 


r! |" ae + k j - I- 






a 


a 


a lower (x,M)-\-k 
d 


< \ 2^]. Thence, 

bound(d | ax+p, x, M, >) = 

Therefore, e ^ {lower(a;, M),..., bound(d | ax + p, x, M) — 1}, which contradicts 
our initial assumption. □ 


"dp 

< 

"d[2^j±‘|_fe" 

a 


a 


The rules of the CUTSAT++ calculus are restricted in such a way that 
M stays consistent, i.e. lower(a;, M) < upper(;r, M) for all variables x £ X. 
CUTSAT++ also propagates only bounds that are more strict than the current 
bound for the variable x, e.g., CUTSAT++ only propagates lower bound x > b 
if b > lower (x,M). This behaviour is expressed by the following predicate for 
inequalities J = ax + p < 0: 

lower(x, M) < bound(J, x, M ) < upper(x, M) , if a < 0, 
lower(a;, M) < bound(J, x, M ) < upper(x, M) , if a > 0. 

The justifications annotated to the propagated bounds are necessary for a 
CDCL-like conflict resolution. In CDCL, boolean resolution is used to combine 
the current conflict C V l with a clause used for unit propagation C' V l to receive 
a new conflict CVC" without literals l or l. For CUTSAT++ the function resolve 
fulfils a similar purpose: 

|a |<7 + \c\p < 0 , if a ■ c < 0, 


improves( J, x, M) = 


resolve(a: txicx+q<o b, ax + p < 0) = 


ax + p < 0 


otherwise . 
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Whenever J = ax + p < Oisa conflict in state ([M, 7 ], C) h J, where C \~z J 
and 7 = x t^cx+q<o b, J' = resolve(x t^ C x+q<o b,ax + p < 0) is also a conflict in 
state (M, C) b J' and C \~z J' [33] ■ The function resolve only results in a new 
conflict because CUTSAT++ requires that the justification / of bound x Mj b, 
with cxi £ {<,>}, in state (M, C)(b J) fulfils the following conditions: Firstly, I 
is an inequality and C \~z I■ Secondly, if cxi = <, then coeff(/, x) = 1. If cxi = >, 
then coeff(I, x) = —1. Finally, bound(I, x, M) cxi 6 , i.e. the justification I implies 
at least a bound as strong as x cxi/ b. 

The function tight (J, x, M) = I defined by the set of rules in Figure [T| cal¬ 
culates a justification I in variable x for the bound x cxi/ b propagated from 
inequality J = ±ax + p < 0, where b = bound( J, x, M). A state in this rule 
system is a pair 

(M', ±ax + as © r), 

where a > 0, s and r are polynomials, and M' is a prefix of the initial M, i.e. 
M = ]. The initial state for tight(±ax + p < 0 ,x,M) is {M,±ax ® p). 

The first goal is to produce an inequality where all coefficients are divisible by 
a = coeff(J, x). To this end, we apply the rules (Fig. |T]) until the polynomial on 
the right side of © becomes empty. In this case, all coefficients are divisible by 
a = coeff(J, x) and we derive the justification I with the final rule Round. 


The function div-derive(H, x , M) calculates a justification I in variable x for 
the bound x ixi/ b propagated from the divisibility constraint D = d \ ax + p, 
where b = bound(D, x, M). The justification computed by div-derive is derived 
from a set of inequalities describing the propagated bound value. For instance, 
let us look at the lower bound value: 


bound(H, x, M ) 



where D = d \ ax + p, a > 0, d > 0, p is fixed, k = lower (p,M), and 
b = lower (x,M). The sub-term c = is equal to the bound value com¬ 

putable from the diophantine representation dz = ax + p of the divisibility 
constraint D: 


div-part (D,x,M) = 


bound (—dz + ax + p < 0, z, M) = \ 2 ^] . 

Notice that z is a variable not occurring in the problem, and only introduced 
for the above calculation. The fitting tightly propagating inequality for the sub¬ 
terms are abbreviated with div-part (D,x,M): 

_ ( tight (—dz + ax + p < 0, x, M) , if b = lower(x, M), 

( tight (dz — ax — p < 0,x, M) , if b = upper(x, M). 
For div-part, we forbid tight to apply the Consume rule to the variables x and 
z. The restriction to Consume guarantees that the inequality ±z + r < 0 = 
div-part(Z), x, M) does not contain x. Given I 2 = —z+r < 0 = div-part(U, x, M ) 
and Ii = dz — ax — p < 0 , we use resolve(x >/ 2 c, I/) = —ax + dr — p < 0 = I 3 
to receive the inequality that computes the complete lower bound: 

bound(/ 3 , x, M) = 


d lower (r,M)—k 

> 

~ d \2, 

a 


a 


Finally, we compute the tightly propagating inequality for a divisibility con¬ 
straint D = d | ax +p with the function div-derive(H, x, M): 
















Consume 

(M , ±ax + as © aky + r) =^ti g ht (M,±ax + as + aky © r), 

where x ^ y. 

Resolve-Implied 

([M, 7 ], ±ax + as ® p) => t i g ht (M,±ax + as ® q), 

where 7 is a propagated bound and q < 0 = resolve( 7 ,p < 0 ). 

Decide-Lower 

{\M,y > 6 ], ±ax + as © cy + r) = 7 tight (M, ±ax + as + aky © r + (ak — c)q), 
where y <1 b in M, with I = y + q < 0, and k = |A]. 

Decide-Lower-Neg 

([M, y > 6 ], ± 0 * + as®cy + r) ==> tight (M, ±oa; + as © cq + r ), 
where y </ b in M, with I = y — q < 0, and c < 0. 

Decide-Upper 

([M, y < b], ± 0 * + as © cy + r) = 7 tight (iW, ±oa; + as + aky © r + (c - ak)q), 
where y >1 b in M, with I = —y + q < 0, and k = I ^ j. 

Decide-Upper-Pos 

([M, y < 6 ], ±ax + as © cy + r) => t i g ht (M, ±ax + as © cq + r), 
where y >/ b in M, with I = —y + q < 0, and c > 0. 

Round (and terminate) 


(M, ±ax + as © 6) 


± x + s + 


b 

a 


< 0 


Fig. 1. Rule system that derives tightly propagating inequalities m 


div-derive(Z), x, M) 


! b = lower(a;, M), 

I 2 = — z + r < 0 = div-part(.D, x, M, ), 
/g = tight (—ax + dr — p < 0, x, M), 

{ b = upper(a;, M), 

12 = z + r < 0 = div-part(D, x, M), 

I' 3 = tight (ax + dr +p < 0, x, M). 


The rule Slack-Intro is necessary to prevent a special type of frozen state 
called stuck state. A variable x is called stuck in state S = (M, C) if M contains 
no bounds for x and there is no inequality 1 = ax+ p<0GC that propagates 
a bound for x [T4]. Variables x with a constraint of the form ±x — b < 0 £ 
C are never stuck, as CUTSAT++ is able to propagate at least one bound 
for x, i.e., either x > —b or x < b. A state S' is a stuck state if all unfixed 
variables x are stuck and if the rules Sat, Unsat-Div, Conflict, and Conflict-Div 
are not applicable [14j. In a stuck state, Slack-Intro is applicable and one of the 
previously stuck variables x is turned unstuck by the constraints added to the 
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problem. As recommended in m, CUTSAT++ uses the same slack variable for 
all Slack-Intro applications. 

We are now going to discuss three examples where CUTSAT diverges. The 
first one shows that, CUTSAT can apply Conflict and Conflict-Div infinitely 
often to constraints containing unguarded variables. 

Example 1. Let 

C := {—a; < 0, —y < 0, —£ < 0, z < 0, z + 1 < 0,1 — x + y < 0,x — y < 0} 

lx Iy Izl Iz2 Iz3 J 1 J 2 

be a problem. Let Si = (Mi, C) for i £ N be a series of states with: 

M 0 := [x >4 0,y >4 0, z >/ 2l 0, z </ z2 0], 

M i+ 1 := [M u x > J± i + l,y>j 2 i + 1]. 

Let the variable order be given by z -< y -< x. CUTSAT with a two-layered 
strategy m has diverging runs starting in state S' 0 = ([],C). Let CUTSAT 
traverse the states S' Q , S' 0 , Si, S 2 , ■ • • in the following fashion: CUTSAT reaches 
state So from state S' 0 after propagating the constraints I x , I y , I z 1 , and I z 2 . 
CUTSAT reaches state S l+ i from state Si after: 

— fixing x to i with a Decision yf := x < v, Ml := and S \ := (M},C) 

— applying Conflict to Constraint J\ because lower(1 — x + y, Mf) > 0; Mf := 
Ml and Sf := (Mf, C) b J x 

— undoing the decided bound 7 ^ by applying Backjump because the predicate 
improves( J- L , x, M iri >) evaluates to true. The result is the exchange of 7 ^ 
with the bound 7 x = x >j, i + 1; Mf := [M^ 7 X ] and Sf := (Mf, C) 

— fixing y to i with a Decision 7 ^ :=//<*; Mf := [Mf, 7 ^] and Sf := (Mf, C) 

— applying Conflict to Constraint J 2 because lower(a: — y, Mf) > 0; Mf := Mf 
and Sf := (Mf, C) b J x 

— undoing the decided bound 7 ^ by applying Backjump because the predicate 
improves(J 2 , y, Mf, >) evaluates to true. The result is the exchange of 7 ^ 
with the bound 7 v = y >j 2 i + 1; Mf := [Mf, 7 y ] and Sj+i = Sf := (Mf, C) 

Since {I z 1 , Iz 3 } is a conflicting core, the variable z is the minimal conflicting vari¬ 
able in the states Si, Sf, and Sf. Since I z \ and I z 2 bound z, the conflicting core 
is also guarded. Therefore, Resolve-Cooper as defined in na is not applicable, 
which in turn implies that Conflict is applicable. 

A straightforward fix to example [T| is to limit the application of the Con¬ 
flict and Conflict-Div rules to guarded constraints. Our second example shows, 
that CUTSAT can still diverge by infinitely many applications of the Solve-Div 
rule M - 

Example 2. Let di be the sequence with do = 2 and dk+i := dk 2 for k € N, let 
Co = {4 | 2x + 2y, 2 | x + z} be a problem, and let 5b = ([], Co) be the initial 
CUTSAT state. Let the variable order be given by x < y < z. Then CUTSAT 
has divergent runs So =>cs 5i =^ C s S 2 =>cs ■ • For instance, let CUTSAT 
apply the Solve-Div rule whenever applicable. By an inductive argument, Solve- 
Div is applicable in every state S n = (0, C n ), and the constraint set C n has the 
following form: 
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c — { I dnX + d n y , dn | 4fy - 4fz} if n is odd, 

n \ {2 d n | d n x + d n y, d n \ -fx + -£■z } if n is even. 

Therefore, CUTSAT applies Solve-Div infinitely often and diverges. 

A straightforward fix to example [2] is to limit the application of Solve-Div 
to maximal variables in the variable order -<. Our third example shows, that 
CUTSAT can apply Conflict and Conflict-Div p3] infinitely often. The exam¬ 
ple [3] differs from example [T| in that the conflicting core contains also unguarded 
variables. 

Example 3. Let 

C := {—x <0,— y <0,— z < 0, z < 0,1— x + y + z < 0,x — y — z < 0}} 

lx Iy I-Zl I‘.Z2 J 1 J2 

be a problem. Let Si = (Mi, C) for i £ N be a series of states with: 

M 0 := [a; >i x 0, y >4 0, z >/ zl 0, z </ z2 0], 

M i+ 1 := \Mi,x >j x i+l,y >j 2 i + 1]. 

Let the variable order be given by z -< x -< y. CUTSAT has diverging runs 
starting in state S' 0 = ([],C). F° r instance, let CUTSAT traverse the states S' 0 , 
Sq, Si, S 2 , ■■■ in the following fashion: CUTSAT reaches state So from state 
S'o after propagating the constraints I x , I y , / z 2 and I z 2 . CUTSAT reaches state 
5i+i from state Si after: 

— fixing x to i and y to i with Decisions 7 % := x < i and 7 ^ := y < i] 
Ml := [M*, 75 ,72] and Sj := (M},C) 

— applying Conflict to Constraint J\ because lower(1 — x + y + z,Mf) > 0; 
Mf := Ml and Sf := <M?, C) b J x 

— undoing the decided bounds 7 ^ and 7 ^ by applying first Skip-Decision and 
then Backjump. The result is the sequence Mf := [M i; 7 x ] and the state 
Sf := (Mf, C), where 7 ® = * > j, i + 1; 

— fixing y to i and x to * + 1 with Decisions 7 ^ := y < i and 7 ^ := y < i + 1; 
Mf := \Mf, 72,7 d i and Sf := (Mf,C) 

— applying Conflict to Constraint J 2 because lower(x — y — z , Mf) > 0; Mf := 
Mf and Sf := (Mf, C) h J x 

— undoing the decided bounds 7 ^ and 7 ^ by applying first Skip-Decision and 
then Backjump. The result is the sequence Mf := \Mf,^f v \ and the state 
Si+i = Sf := (Mf , C), where "f v = y >j 2 i + 1. 

Notice that the conflicting core { J\, J 2 } in states Sj and Sf is bounded in [Lf] . 
which admits the application of Conflict. 

For example [3] applying the fix suggested for example [l] results in a frozen 
state. Here, a straightforward fix is to change the definition of conflicting cores 
to cover only those cores where the conflicting variable is the maximal variable^ 
The fixes for our examples suggested above are restrictions of CUTSAT which 
have the consequence that Conflict (-Div) cannot be applied to unguarded con¬ 
straints, Solve-Div is only applicable for the elimination of the maximal variable, 

1 The restrictions to maximal variables in the definition of the conflicting core and 
to the Solve-Div rule were both confirmed as missing but necessary in a private 
communication with Jovanovic. 
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and the conflicting variable x is the maximal variable in the associated conflict¬ 
ing core C'. However, our next and final example shows that these restrictions 
lead to frozen states. 

Example 4. Let CUTS AT include restrictions to maximal variables in the defini¬ 
tion of conflicting cores, and in the Solve-Div rule as described above. Let there 
be additional restrictions in CUTSAT to the rules Conflict and Conflict-Div such 
that these rules are only applicable to conflict constraints I where / contains no 
unguarded variable. Let 

C := {—x < 0, x — 1 < 0, — y < 0,6 | 4y + x} 

*xl 1x2 Iy J 

be a problem. Let M := [a; >/ xl 0, x </ x2 1, y >j 0, x > 1, y < 0] be a bound se¬ 
quence. Let the variable order be given by x -< y. CUTSAT has a run starting in 
state Sq = ([], C) that ends in the frozen state S = ( M , C). Let CUTSAT prop¬ 
agate J x i, 4 2, Iy , and fix a; to 1 and y to 0 with two Decisions. Through these 
Decisions, the constraint J is a conflict. Since y is unguarded, CUTSAT can¬ 
not apply the rule Conflict-Div. Furthermore, m has defined conflicting cores 
as either interval or divisibility conflicting cores. The state S contains neither 
an interval or a divisibility conflicting core. Therefore, CUTSAT cannot apply 
the rule Resolve-Cooper. The remaining rules are also not applicable because 
all variables are fixed and there is only one divisibility constraint. Without the 
before introduced restrictions to the rules Conflict (-Div), Solve-Div, CUTSAT 
diverges on the example. 


3 Weak Cooper Elimination 


In order to fix the frozen state of Example[I]in the previous section, we are going 
to introduce in Section [4] a new conflicting core, which we call diophantine con¬ 
flicting core. For understanding diophantine conflicting cores, as well as further 
modifications to be made, it is helpful to understand the connection between 
CUTSAT and a variant of Cooper’s quantifier elimination procedure [4]. 

The original Cooper elimination takes a variable x, a problem C{x ), and 
produces a disjunction of problems, equivalent to 3x : C(x): 


3x:C(x) = V CU oo(fc)V V V \a\p + kAC (^) 

0<k<m -ax+p<0GC 0<fc<a-m ' ' 

where a > 0, m = lcmjd £ Z : (d \ ax + p) £ C}. If there exists no constraint 
of the form —ax + p < 0 £ C, then C- ao (x) = {(d \ ax + p) £ C} . Otherwise, 
C-oo(x) = -L. One application of Cooper elimination results in a disjunction 
of quadratically many problems out of a single problem. Iteration causes an 
exponential increase in the coefficients due to the multiplication with a because 
division is not part of the language. 

Weak Cooper elimination is a variant of Cooper elimination that is very help¬ 
ful to understand problems around CUTSAT. The idea is, instead of building 
a disjunction over all potential solutions for x , to add additional guarded vari¬ 
ables and constraints without x that guarantee the existence of a solution for 
x. We assume here that C{x) contains only one divisibility constraint for x. If 
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not, exhaustive application of div-solve to divisibility constraints for 2 removes 
all constraints except one: div-solve( 2 , d\ \ a\x + p\,d ,2 \ a 2 X + P 2 ) = (dicfe | 
dx + c 1 d 2 .P 1 + C 2 d\P 2 , d | —a\P 2 + 02 Pi); where d = gcd(aid 2 , 02 ^ 1 ), and ci and 
C 2 are integers such that Ciaid 2 + C 2 d 2 <ii = d sun. Now weak Cooper elimina¬ 
tion takes a variable x, a problem C(x) and produces a new problem by replacing 
3x : C{x) with: 

3 K : ({I G C{x) : coeff(/, x) = 0} U {gcd(c, d) | s} U (J Rk ], 

\ k£K ) 

where d \ cx + s G C(x ), k G K is a newly introduced variable for every pair of 
constraints —ax +p < 0 G C(x) and bx — q < 0 G C(x), 

Rk = {—k < 0, fc — to < 0 , bp — aq + bk < 0, a | k + p, ad \ cp + as + ck} 

is a resolvent for the same inequalities m, where m := 1 cm (a, gcd ^ d ^ ^ — 1 . 
Note that there is still an existential quantifier 3K but all variables k G I\ are 
guarded by their respective Rk- 

Let v be a satisfiable assignment for the formula after one weak Cooper 
elimination step on C(x). Then we compute a strictest lower bound x > l x and 
a strictest upper bound x < u x from C(x) for the variable x under the assignment 
v. We now argue that there is a value v x for x such that x > l x , x < u x , and 

d | cv x + s are satisfied. Whenever l x ^ —00 and u x ^ 00, the bounds x > l x , 

x < u x are given by respective constraints of the form —ax + p < 0 G C{x) 
and bx — q < 0 G C(x) such that l x = [^-^1 and u x = L^^J- I n this case 
the extension of v with 1/(2) = satisfies C{x) because the constraint 

a \ k + p G Rk guarantees that v(x) G Z, the constraint bp — aq + bk < 0 G Rk 
guarantees that l x < i'(x) < u x , and the constraint ad \ cp + as + ck G Rk 
guarantees that v satisfies d \ cx + s G C(x). Whenever l x = —00 (u x = 00) we 
extend v by an arbitrary small (large) value for x that satisfies d \ cx + s G C (2). 
There exist arbitrarily small (large) solutions for 2 and d \ cx + v{s) because 
gcd(c, d) | s is satisfied by v. 

The advantage of weak Cooper elimination compared to Cooper elimination 
is that the output is again one conjunctive problem in contrast to a disjunction 
of problems. Our CUTSAT++ performs weak Cooper elimination not in one 
step but subsequently adds to the states the constraints from the Rk as well as 
the divisibility constraint gcd(c, d) \ s with respect to a strict ordering on the 
unguarded variables. 

The following equivalence, for which we have just outlined the proof, states 
the correctness of weak Cooper elimination: 

32 : C( 2 ) = 3 K : f {I G C{ 2 ) : coeff(/, 2 ) = 0} U {gcd(c, d) \ s} U (J Rk ) • 

V feeif / 

The extra divisibility constraint gcd(c, d) | s in weak Cooper elimination is 
necessary whenever the problem C ( 2 ) has no constraint of the form —ax + p < 
0 G C{ 2 ) or bx — q < 0 G C( 2 ). For example, let C{x) = {y — 1 < 0, — y + 1 < 
0 , 6 | 2x+y} be a problem and 2 be the unguarded variable we want to eliminate. 
As there are no inequalities containing 2 , weak Cooper elimination without the 
extra divisibility constraint returns C' = {y — 1 < 0, — y +1 < 0}. While C has 
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a satisfiable assignment v{y) = 1, C{x) has not since 2x+ 1 is never divisible by 
2 or 6. 

Note that for any R/. introduced by weak Cooper elimination we can also 
show the following Lemma: 


Lemma 2. Let k be a new variable. Let a,b,c> 0. Then, 

(3x : {—ax + p < 0, bx — q < 0, d \ cx + s}) 

= {3k : {—k < 0, k — m < 0,bp — aq + bk < 0, a \ k + p, ad \ cp + as + ck}). 

Proof. See [TJ pp. 101-102 Lemma 4. □ 

That means satisfiability of the respective Rk guarantees a solution for the 
triple of constraints it is derived from. An analogous Lemma holds for the divis¬ 
ibility constraint gcd(c , d ) | s introduced by weak Cooper elimination: 

Lemma 3. (3a; : d \ cx + s) = gcd(c, d) \ s. 

Proof. We equivalently rewrite the two divisibility constraints into diophantine 
equations, viz. 3y : dy — cx = s , and 3 k : gcd(c, d)k = s for d \ cx + s, and 
gcd{c,d ) | s, respectively. We choose d !, c' £ Z such that d! • gcd(c, d) = d and 
c' ■ gcd(c, d) = c. Assume that v is a variable assignment such that dv{y) — 
cv{x) = v{s ) and therefore also d | cv{x) + v(s). Thence v{s) = dv{y ) — cn{x) = 
gcd(c, d) ■ {d'v{y) — c'v{x)). After extending v with v{k) = (dV(y) — c'v{x)), v 
satisfies gcd(c, d)k = s. 

Assume, that v is a variable assignment such that gcd(c, d)v{k) = v{s) holds 
and therefore also gcd(c, d) | ^(s). By Bezout’s Lemma there exist a',b' £ Z, 
such that a'd — b'c = gcd(c, d). Thence a'dv{k) — b'cv{k) = ( a'd — b'c)v{k) = 
gcd(c, d)v{k) = v{s). After extending v with v{y) = a'v{k) and v{x) = b'v{k) 
the assignment v satisfies dy — cx = s. □ 

That means satisfiability of gcd(c, d) | s guarantees a solution for the divisi¬ 
bility constraint d \ cx + s. The rule Resolve-Cooper (Fig. [3]) in our CUTSAT+-)- 
exploits these properties by generating the Rk and constraint gcd(c, d) \ s in the 
form of strong resolvents in a lazy way. Furthermore, it is not necessary for the 
divisibility constraints to be a priori reduced to one, as done for weak Cooper 
elimination. Instead, the rules Solve-Div-Left and Solve-Div-Right (Fig. 0 per¬ 
form lazy reduction. 

The solution set for variable x , assignment v, and problem C{x ), is the set 
of values SCZ such that v £ S if C{v) is satisfied by v. The solution set Sd of 
a divisibility constraint d \ cx + s, variable x , and assignment v is either empty 
or unbounded from above and below. 

Lemma 4. Let v be an assignment for all variables except x. Let Sd be the 
solution set for variable x, assignment v, and constraint d \ cx + s. Then, 

Sd = 0 or Sd = {«o + ei/ : e £ Z} for some vq,v' £ Z. 
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Proof. In case Sd ^ 0, there exists a value vo G Sd such that d \ cvo + t'(s). We 
first prove that there exists an'eZ such that d \ c{vq + ev') + v(s) for all e G Z 
and therefore xo + ex' G Sd- We choose v', e' G Z such that c = e'gcd(c, d) and 
d = x'gcd(c, d). Then we deduce for any e G Z: 

d | c(i>o + ev') + v(s) = d \ cv 0 + v(s) + cev' = 
d | ci>o + v(s) + de'v' = d \ cv 0 + v(s) 

It remains to show that for every Vk G Sd there exists an e G Z such that 
vo+ev' = Vk- As Sd is the solution set we know that d | cxo+^(s) and d | cvk+v(s ) 
are true. Thence d | c{v 0 — Vk) = d | cvo + i'(s) — (cx*, + v(s)). As d = x' gcd(c, d), 
the term c(xo — x*,) is only divisible by d if xo — Vk is divisible by v'. Therefore, 
3e G Z : vo — Vk = ev'. □ 

This property allows us to choose an arbitrary small or large solution for x 
to satisfies d | cx + v(s ) in the correctness proof of weak Cooper Elimination. As 
mentioned in the outline of the proof, the ability to choose arbitrary small and 
large solutions for x is necessary when C(x) contains no constraints of the form 
—ax + p < 0 or bx — q < 0. 

Theorem 5. 

3x : C(x) = 3 K : Ml G C(x) : coeS(I,x) = 0} U {gcd(c, d) | s} U (J Rk ) 

V fceif / 

Proof. First, we partition the problem C(x) as follows: 

Ci = {—ax + p < 0 G C{x) : a > 0}, C u = {bx — q < 0 G C{x) : b > 0}, 

Id = d | cx + s G C(x), C r = {/ G C(x) : coeff (I,x) = 0}. 

By Lemma [2l it holds for all —ax + p < 0,bx — q < 0 G C(x) with a, b > 0 that: 
(3x : C(x)) —> (3x : {—ax + p < 0, bx — q < 0, d | cx + s}) 

—>• (3fc : {— k < 0,k — m < 0,bp — aq + bk < 0, a | k + p, ad \ cp + as + ck}). 

'---v--------" 

Rk 

By LemmaH it holds that: (3x : C(x)) —>• (3x : d \ cx + s) —>• gcd(c, d) | s. As 
C r C C(x) it also holds that: (3x : C(x)) —>• C r . As all new variables k G K 
appear only in one resolvent the above implications prove 

3x : C(x) —> 3K : f{I G C{x) : coeff(I, x) = 0} U {gcd(c, d) | s} U (J Rk ) ■ 

V keK J 

Assume, vice versa, that v is a satisfiable assignment for the formula after 
one step of weak Cooper elimination. Then it is easy to deduce the following 
facts: 

— Let Si be the solution set for x, v , and Ii = —ax+p < 0 G C(x) with a > 0. 

Then 5, = {r^l,r^l 

— Let S u be the solution set for x, v, and I u = bx — q < 0 G C{x) with b > 0. 

Then = {..., L^J-l,L^j}- 

— Let Sj be the solution set for x, v, and C; UC„. Then 5/ = H/jec, ^ n 
Pi i u ec u ^ u - 

— Let the set Si be bounded from below, i.e., Si = {1,1 + 1,...} or Si = 
{l ,..., u}. Then l = max/g^, | f : I = —a'x + p' < 0 j. 
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— Let the set Si be bounded from above, i.e., Si = {... ,u — l,it} or Si = 

it}. Then u = min/gcq { \r-$-\ ■ I = b'x — q' < 0 j. 

— By Lemma [3} d \ cx + i/(s) is satisfiable because gcd(c, d) \ s is contained 
in the result formula of weak Cooper elimination. By Lemma |4] the set of 
solutions for x , v, and d \ cx + s has the form Sd = {uo + v'p : v 1 £Z}. 

— The solution set S for x, v, and C' is S = Sd D S'/. 

Next, we do a case distinction on the structure of C{x): 

— Let Ci = 0, then Sj is unbounded from below. We choose a small enough 
v € Sd, i.e., small enough o'eZ such that v = Vo+v'/i. Then the assignment 
x i->- v and y v{y) (if y ^ x) satisfies C'. 

— Let C u = 0, then S/ is unbounded from above. We choose a large enough 
v £ Sd, i.e., large enough ti'eZ such that v = Vo + v'/i. Then the assignment 
x n- v and y v{y) for all y ^ x satisfies C’. 

— Let \Ci\, \C U \ > 0. We select /; = —ax +p < 0 such that 

r^l = max /eCi {r^l : I = -a'x+p' < o| 
and I u = bx — q < 0 such that 

L LMj = min/eCu { L L^lj : I = b'x - q’ < o} . 

The resolvent for the two constraints Ii and I u is 

Rk = {—k < 0, k — m < 0,bp — aq + bk < 0, a \ k + p, ad \ cp + as + ck}. 
We will now show that "( p + k ' > is in the set of solutions S of C(x). All of 
the remaining deductions stem from the evaluation of the resolvent under 
v. Since a | u(p + k), g Z. Furthermore, since g Z and 

v(bp — aq + bk) < 0, ^£±^1 e Si = ... ) Finally, since 

ad | u(cp + as + ck) = ad \ aci/(x) + av(s) = d \ cv{x) + v(s), 
g Sd- We choose the assignment v' with x e->■ v ( p + k '> anc l y ^ v(y) 
for all y ^ x. Hence, v' satisfies C'. 

□ 

We stated that weak Cooper elimination can only be applied to those prob¬ 
lems where C(x) contains one divisibility constraint d \ ax + p in x. To expand 
weak Cooper elimination to any set of constraints C'{x) we briefly explained 
how to exhaustively apply div-solve to eliminate all but one constraint d | ax + p 
in x. The algorithm CombDivs(a;, C ) (Fig. [2]) is a more detailed version of this 
procedure. 

Lemma 6 . Let C'(x) be a set of LI A constraints. Let C(x) be the output of 
CombDivs(a;, C'(x)). Then C(x) = C'(x). 

Proof. Follows directly from the proof of equivalence (14] of the div-solve trans¬ 
formation. □ 

Since the output C{x) of CombDivs(a;, C'{x)) is equivalent to C'{x) and fulfils 
the conditions of weak Cooper elimination, we conclude the following equivalence 
for the output of weak Cooper elimination applied to C(x ): 
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Algorithm 1: CombDivs(a;, C'(x)) 


1 

2 

3 

4 

5 

6 

7 

8 
9 

10 

11 

12 

13 


Input : The variable x and a set of LI A constraints C'(x ) 

Output : A set of LIA constraints C(x) such that C(x) = C'(x) and there 
exists one divisibility constraint d | cx + s G C(x) such that c > 0 
Cd ■= {d | cx + s € C'(x) : c > 0} 

C(x) := C'(x)\C d ; 
if (Cd = 0) then 

return C(x) U {1 | x} ; 
while (\C d \ > 1) do 

Select d\ \ aix +pi,d 2 | a 2 X + p 2 € C d ; 

C d := C d \ {di | aix + pi,d 2 \ a 2 x + p 2 }; 
d = gcd(aid2,a2cii) ; 

Choose ci and C 2 such that ciaitfe + C 2 a 2 di = d; 

C d — C d U {did 2 | dx + cid 2 pi + c 2 dip 2 } ; 

C(x) := C(x) U {d | — aip 2 + a 2 pi}', 

end 

return C(a;) U Cd ; 


Fig. 2. An algorithm that combines constraints C d = {d \ cx + s € C'(x) : c > 0} until 
only one divisibility constraint in x remains 


3x : C'(x) = 3K : 


^{/ £ C(x) : coeff(/, x) = 0} U {gcd(c, d) \ s} U 


U Rk) 

k&K J 


4 Strong Conflict Resolution Revisited 

Weak Cooper elimination is capable of exploring all unguarded variables to even¬ 
tually create a problem where feasibility only depends on guarded variables. It 
is simulated in a lazy manner through an additional set of CUTS ATH—t rules 
(Fig. O. Instead of eliminating all unguarded variables before the application 
of CUTSAT++, the rules perform the same intermediate steps as weak Cooper 
elimination, viz. the combination of divisibility constraints via div-solve and 
the construction of resolvents, to resolve and block conflicts in unguarded con¬ 
straints. As a result, CUTSAT++ can avoid some of the intermediate steps of 
weak Cooper elimination. Furthermore, CUTSAT++ is not required to apply the 
intermediate steps of weak Cooper elimination one variable at a time. The lazy 
approach of CUTSAT++ does not eliminate unguarded variables. In the worst 
case CUTSAT++ has to perform all of weak Cooper elimination’s intermediate 
steps. Then a strategy (Def. [T3l) guarantees that CUTSAT+- 1 - recognizes that 
all unguarded conflict constraints have been blocked by guarded constraints. 

The eventual result is the complete algorithm CUTSAT+-(-, which is a com¬ 
bination of the rules Resolve-Cooper, Solve-Div-Left, Solve-Div-Right (Fig. [3]), 
a strictly-two-layered strategy (Def. [13]), and the CUTSAT rules: Propagate, 
Propagate-Div, Decide, Conflict, Conflict-Div, Sat, Unsat-Div, Forget, Slack- 
Intro, Resolve, Skip-Decision, Backjump, Unsat, and Learn |14j . 
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The advantage of the lazy approach is that CUTSAT++ might find a sat- 
isfiable assignment or detect unsatisfiability without encountering and resolving 
a large number of unguarded conflicts. This means the number of divisibility 
constraint combinations and introduced resolvents might be much smaller in the 
lazy approach of CUTSAT++ than during the elimination with weak Cooper 
elimination. 

In order to simulate weak Cooper elimination, CUTSAT++ uses a total order 
-< over all variables such that y -< x for all guarded variables y and unguarded 
variables x m- While the order needs to be fixed for all unguarded variables, the 
ordering among the guarded variables can be dynamically changed. In relation 
to weak Cooper elimination, the order -< describes the elimination order for the 
unguarded variables, viz. Xi -< Xj if x 3 is eliminated before X{. A variable x is 
called maximal in a constraint I if x is contained in / and all other variables in 
I are smaller with respect to -<. The maximal variable in I is also called its top 
variable ( x = top(/)). 

Definition 7. Let S = (M, C) be a state, C C C, x the top variable in C' and 
let all other variables in C' be fixed. The pair (x, C) is a conflicting core if it is 
of one of the following three forms 

(1) C' = {—ax + p < 0, bx — q < 0}, and the lower bound from —ax + p < 0 

contradicts the upper bound from bx — q < 0, i.e., bound(— ax + p < 0 ,x,M) > 
bound( 6 x — q < 0 , x, in this case ( x , C') is called an interval conflicting 

core and its strong resolvent is ({— k < 0 , k — a + 1 < 0 }, {bp — aq + bk < 0 , a \ 

k + p}) m 'j 

(2) C’ = {—ax + p < 0, bx — q < 0 ,d \ cx + s}, and bi = bound (—ax + p < 
0, x , M), b u = bound( 6 x — q < 0, x, M), bi < b u and for all bd G [bi, b u \ we have 
d { cbd + lower(s, m)M; in this case ( x , C') is called a divisibility conflicting 
core and its strong resolvent is {{—k < 0 , k — m < 0 }, {bp — aq + bk < 0,a | 
k + p, ad | cp + as + ck}) m 

(3) C = {d | cx + s}, and for all bd £ Z we have d \ cbd + lower(s, M); in this 
case ( x , C’) is called a diophantine conflicting core and its strong resolvent is 
(0, {gcd{c,d) | a}). 

In the first two cases k is a fresh variable and m = 1cm ^a, gcd ^ d ^ ^ — 1. 

We refer to the respective strong resolvents for a conflicting core (x, C') by 
the function cooper(a;, C') which returns a pair (R k ,R c ) as defined above. Note 
that the newly introduced variable k is guarded by the constraints in R k . If there 
is a conflicting core (x, C') in state S , then x is called a conflicting variable. A 
potential conflicting core is a pair (x, C') if there exists a state S where ix,C') 
is a conflicting core. 

Next we define a semantic generalization of strong resolvents. Since the strong 
resolvents generated out of conflicting cores will be further processed by CUT- 
SAT++, we must guarantee that any set of constraints implying the feasibility of 
the conflicting core constraints prevents a second application of Resolve-Cooper 
to the same conflicting core. All strong resolvents of Definition [7] are also strong 
resolvents in the sense of the below definition (see also end of Section [3]). 
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Definition 8 . A set of constraints R is a strong resolvent for the pair ( x , C) 
if it holds that R. — > 3x : C' and for all J £ R : top (J) -< x. 

Lemma 9. Let C' C C. Let cooper(x, C') = (Rk,R c )- Let R = Rk U R c . Then 
3k : C U R = C. Furthermore, R is a strong resolvent for ( x , C). 

Proof. Follows directly from the Lemmas [2] and [3] The interval conflicting core 
is the only new case. However, cooper(x, {— ax+p < 0, bx — q < 0}) is equivalent 
to cooper(x, {—ax+p <0,bx — g < 0,1 | a;}). By Lemmas [2] and [31 R —> 3x : C. 
Finally, since k is the minimal element of -< and all other variables in R appear 
in C", where x is maximal, it holds that J £ R : top( J) -< x. □ 

The rule Resolve-Cooper (Fig. [3]) requires that the conflicting variable x of 
the conflicting core (x, C') is the top-variable in the constraints of C'. This sim¬ 
ulates a setting where all variables y with x + y are already eliminated. We 
restrict Resolve-Cooper to unguarded constraints, because weak Cooper elimi¬ 
nation modifies only unguarded constraints. 

Lemma 10. Let S = (M,C) he a CUTSAT++ state. Let C C C and x he 
an unguarded variable. Let R, R C C, be a strong resolvent for ( x,C ). Then 
Resolve-Cooper is not applicable to (x,C'). □ 

Proof. Assume for contradiction that D = (x, C') is a conflicting core, R £ C 
is a strong resolvent for D in state S and Resolve-Cooper is applicable to D in 
state S. Resolve-Cooper requires that all variables y + x are fixed (Fig. O. This 
holds especially for all variables in R (Def. [SJ . Due to the restriction that every 
conflict J £ C has top(J) -ft top(/) in Resolve-Cooper, there is no conflict in 
R. Furthermore, since all variables y + x are fixed, R is satisfied by the partial 
assignment defined by M. By Def. 0 all conflicting cores have no satisfiable 
solution for x under partial model M. However, by Def. [HI R satisfiable implies 
that there exists an x such that C' is satisfiable under M. This contradicts the 
assumption that (x, C') is a conflicting core! □ 

For the resolvent R to block Resolve-Cooper from being applied to the 
conflicting core (x, C'), CUTSAT+- 1 - has to detect all conflicts in R. Detect¬ 
ing all conflicts in R is only possible if CUTSAT++ fixes all variables y with 
y + x and if Resolve-Cooper is only applicable if there exists no conflict I with 
top(/) -< x. Therefore, the remaining restrictions of Resolve-Cooper justify the 
above Lemma. If we add strong resolvents again and again, then CUTS AT-l—l- 
will reach a state after which every encounter of a conflicting core guarantees 
a conflict in a guarded constraint. From this point forward CUTSAT++ won’t 
apply Resolve-Cooper anymore. The remaining guarded conflicts are resolved 
with the rules Conflict and Conflict-Div [14] . 

The rules Solve-Div-Left and Solve-Div-Right (Fig. [3]) combine divisibility 
constraints as it is done a priori to weak Cooper elimination. In these rules we 
restrict the application of div-solve(x, I±, I 2 ) to constraints where x is the top 
variable and where all variables y in I\ and I 2 , with y f= x, are fixed. The ordering 
restriction simulates the order of elimination, i.e., we apply div-solve(x, I\, I 2 ) 
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in a setting where all variables y with x < y appear to be eliminated in I\ 
and I2 • Otherwise, divergence would be possible (see example E}. Requiring 
smaller variables to be fixed prevents the accidental generation of a conflict for 
an unguarded variable 27 by div-solve(x, I\, Ifl)- 

Thanks to an eager top-level propagating strategy, defined below, any un¬ 
guarded conflict in CUTSAT+-)- is either resolved with Solve-Div-Right (Fig. [ 3 ]) 
or CUTSAT+-1- constructs a conflicting core that is resolved with Resolve- 
Cooper. Both cases may require multiple applications of the Solve-Div-Left rule 
(Fig. O. We define the following further restrictions on the CUTSAT+-1- rules 
that will eventually generate the above described behavior. 

Definition 11 . Let cxi £ {<, >}. We call a strategy for CUTSAT++ eager top- 
level propagating if we restrict propagations and decisions for every state (M , C) 
in the following way: 

1 . Let x be an unguarded variable. Then we only allow to propagate bounds 

x [xi bound(/, x, M) if x is the top variable in I. Furthermore, if I is a 

divisibility constraint d \ ax + p, then we only propagate d \ ax + p if: 

(a) Either lower(x, M) ^ —00 and upper(x, M) ^ 00 

(b) Or if gcd(a, d) | lower (p,M), and d \ ax + p is the only divisibility con¬ 
straint in C with x as top variable. 

2 . Let x be an unguarded variable. Then we only allow decisions 7 = x xi b if: 

(a) For every constraint I £ C with x = top (/) all occurring variables j/ /1 
are fixed 

(b) There exists no I £ C where x = top(/) and I is a conflict in [M, 7] 

(c) Either lower(x, M ) ^ —00 and upper(x, M ) ^ 00 or there exists at most 
one divisibility constraint in C with x as top variable. 

An eager top-level propagating strategy has two advantages. First, the strat¬ 
egy dictates an order of influence over the variables, i.e., a bound for unguarded 
variable x is only influenced by previously propagated bounds for variable y with 
y -< x. Furthermore, the strategy makes only decisions for unguarded variable x 
when all constraints with x = top (/) are fixed and satisfied by the decision. This 
means any conflict I £ C with x = top(I) is impossible as long as the decision for 
x remains on the bound sequence. For the same purpose, i.e., avoiding conflicts 
I where x = top(/) is fixed by a decision, CUTSAT-I—|- backjumps in the rules 
Resolve-Cooper and Solve-Div-Right to a state where this is not the case. To 
avoid frozen states resulting from the eager top-level propagating strategy, the 
slack variable xs has to be the smallest unguarded variable in Otherwise, the 
constraints x — xs < 0 , — x — xs < 0 introduced by Slack-Intro cannot be used 
to propagate bounds for variable x , and x would remain stuck. 

Definition 12 . A strategy is reasonable if Propagate applied to constraints of 
the form ±x — b < 0 has the highest priority over all rules and the Forget Rule 
is applied only finitely often W- 
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Solve-Div-Left 


(M,C) =>cs (M,C) 


Solve-Div-Right 


(M,C) =^ CS (. M',C') 


Resolve-Cooper 


if 


divisibility constraints Ii, I2 G C, 
x is top in 1 1 and I2, 
x is unguarded, 

< all other vars. in 1 1 ,12 are fixed, 
{I1J2) = div-solve (x,Ii, I2), 

C' = C\{h,I 2 }U{I[,I' 2 }, 

I 2 is not a conflict 


if 


divisibility constraints Ji, I 2 G C, 
x is top in 1 1 and I 2 , 
x is unguarded, 

all other vars. in I\, I 2 are fixed, 

< {I'iJ'2) = div-solve(a;,/i,/2), 

C' = C \ {Ilyh} U {I[, I2}, 

I 2 is a conflict 
y = top{I 2 ) 

_ M' = prefix(M, y) 


(M, C) =>cs {M' , CUfltU R c ) if < 


(a :,C') is a conflicting core, 
x is unguarded, 
all z <x are fixed and C' C C, 
if J G C is a conflict, then top(J) / x, 
cooper {x,C') = (R k ,R c ), 
y = min /ei { c {top(/)}, 

M' = prefix(M, y) 

In the above rules, M' = prefix(M, y ) defines the largest prefix of M that contains only 
decided bounds for variables x with x -< y. 


Fig. 3 . Our strong conflict resolution rules 


Definition 13. A strategy is strictly-two-layered if: 

(1) it is reasonable, (2) it is eager top-level propagating (Def.{Tl\l, (3) the Forget, 
Conflict, Conflict-Div rules only apply to guarded constraints, (4) Forget cannot 
be applied to a divisibility constraint or a constraint contained in a strong resol¬ 
vent, and (5) only guarded constraints are used to propagate guarded variables. 


A strictly-two-layered strategy is the final restriction to CUTSAT+-1-. With 
the condition 1131 131 it partitions conflict resolution into two layers: Every un¬ 
guarded conflict is handled with the rules Resolve-Cooper, Solve-Div-Left, and 
Solve-Div-Right (Fig. [3]), every guarded conflict with the rules Conflict(-Div). 
The conditions ITol 111 andflSRSl make the guarded variables independent from 
the unguarded variables. The conditions [13J- (2) and[T3l-f4l give a guarantee that 
the rules Resolve-Cooper, Solve-Div-Left, and Solve-Div-Right are applied at 
most finitely often. We assume for the remainder of the paper that all runs of 
CUTSAT+-1- follow a strictly-two-layered strategy. 
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5 Termination and Completeness 

The CUTSAT++ rules are Propagate, Propagate-Div, Decide, Conflict, Conflict- 
Div, Sat, Unsat-Div, Forget, Slack-Intro, Resolve, Skip-Decision, Backjump, Un¬ 
sat, and Learn from [14], as well as Resolve-Cooper, Solve-Div-Left, and Solve- 
Div-Right (Fig. [3]). Before we prove termination and completeness for CUT- 
SAT+-(-, we have to prove another property over strong resolvents. We have 
proven in Section [I] that Resolve-Cooper applied to conflicting core (x , C) adds 
a strong resolvent R, which blocks another application of Resolve-Cooper to 
(x, C). However, CUTSAT+-(- is able to remove constraints from R with the 
rules Solve-Div-Left and Solve-Div-Right. This removes the original conflict¬ 
ing core R from our state. Nonetheless, CUTSAT++ is still unable to apply 
Resolve-Cooper to conflicting core (x, C') because the rules Solve-Div-Left and 
Solve-Div-Right guarantee that a new strong resolvent R' for conflicting core 
(x, C') is introduced: 

Lemma 14. Let S = ( M,C) be a state reachable by CUTSAT++ from the 
initial state ([],Cb) and let S' = (. M',C') be a state reachable by CUTSAT++ 
from S. Let C contain a strong resolvent R for (x, C"). Then C contains also 
a strong resolvent R' for (x, C"). 

Proof. Assume for a contradiction that S contains a strong resolvent R for 
(x,C") and S' contains no strong resolvent R' £ C for (x,C"). W.l.o.g. we as¬ 
sume that S' is the first state after S where Rfj-C. By Def.H3l(4). CUTSAT+-1- 
with a strictly-two-layered strategy cannot remove constraints from a strong re¬ 
solvent R except with the rules Solve-Div-Right and Solve-Div-Left. Through 
the equivalence proven for div-solve(a;, I\, I 2 ) in [14] , we know that there exist 
/(, I 2 £ C' such that {/(, I' 2 } = { 1 \, I 2 } and R C C' \ {/(, If} U {U, h}- Thus 
R' = R \ {/ 1 , 12 } U {I[, If} is a strong resolvent of (a;, C") such that 

R' R -> : C". 

Furthermore, R' is a subset of C. which contradicts our initial assumption! □ 

Together with LemmafTUlthis property implies that Resolve-Cooper is applied 
at most once to every conflicting core encountered by CUTSAT+-I-. This is 
essential for our termination proof. 

5.1 Proof for Termination 

For the termination proof of CUTSAT++, we consider a (possibly infinite) se¬ 
quence of rule applications ([],Co) = Sq => cs S\ =4> cs ... on a problem Co, 
following the strictly-two-layered strategy. 

First, this sequence reaches a state S s (s £ N(j") after a finite derivation of 
rule applications So => C s • • • =>cs S s such that there is no further application 
of the rules Slack-Intro and Forget after state S s : 

Lemma 15. Let ([], Co) = Sq ==> C s S 1 => C s ■ ■ ■ be a sequence of rule applica¬ 
tions applied to a problem Co, following the strictly-two-layered strategy. Then 
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the sequence reaches a state S s (s £ Ng ") after at most finitely many rule ap¬ 
plications Sq =>cs ■ ■ ■ =>cs S s such that there is no further application of the 
rules Slack-Intro and Forget after state S s . 

Proof. Such a state S s exists for two reasons: Firstly, the strictly-propagating- 
strategy employed by CUTSAT++ is also reasonable. The reasonable strategy 
explicitly forbids infinite applications of the rule Forget. Secondly, the Slack-Intro 
rule is applicable only to stuck variables and only once to each stuck variable. 
Only the initial set of variables can be stuck because all variables x introduced 
during the considered derivation are introduced with at least one constraint 
x — b < 0 that allows at least one propagation for the variable. Therefore, the 
rules Slack-Intro and Forget are at most finitely often applicable. □ 

Next, the sequence reaches a state S w (w > s) after a finite derivation of 
rule applications S s =>- cs ■ • ■ =>cs S w such that there is no further applica¬ 
tion of the rules Resolve-Cooper, Solve-Div-Left or Solve-Div-Right after state 
S w : The rules Resolve-Cooper, Solve-Div-Left, Solve-Div-Right, and Slack-Intro 
are applicable only to unguarded constraints. Through the strictly-two-layered 
strategy they are also the only rules producing unguarded constraints. There¬ 
fore, they form a closed loop with respect to unguarded constraints, which we 
use in our termination proof. We have shown in the previous paragraph that 
S s =>cs ■ ■ • =>cs S w contains no application of the rule Slack-Intro. By Lemma 
m an application of Resolve-Cooper to the conflicting core (x , C') prevents any 
further applications of Resolve-Cooper to the same core. By Def. [7] the con¬ 
straints learned through an application of Resolve-Cooper contain only variables 
y such that y -< x. Therefore, an application of Resolve-Cooper blocks a con¬ 
flicting core ( x , C') and introduces potential conflicting cores only for smaller 
variables than x. This strict decrease in the conflicting variables guarantees that 
we encounter only finitely many conflicting cores in unguarded variables. There¬ 
fore, Resolve-Cooper is at most finitely often applicable. An analogous argument 
applies to the rules Solve-Div-Left and Solve-Div-Right. Thus the rules Resolve- 
Cooper, Solve-Div-Left and Solve-Div-Right are at most finitely often applicable. 

Lemma 16. Let ([], Co) = So => cs Si => cs ... be a sequence of rule applica¬ 
tions applied to a problem Co, following the strictly-two-layered strategy. Then 
the sequence reaches a state S w after finitely many rule applications So =^cs 
... => cs S w such that there is no further application of the rules Resolve-Cooper, 
Solve-Div-Left, and Solve-Div-Right after state S w . 

Proof. By Lemma 1151 we assume w.l.o.g. that the sequence continues from a 
state S s such that S s is reached by the sequence after at most finitely many 
rule applications So => C s • • • =^cs S s , and there is no further application 
of the rules Slack-Intro and Forget after state S s . Let X\ -< ... -< x n be the 
order of variables for all unguarded variables Xi. We consider a weight vector 
that strictly decreases after every call to Resolve-Cooper, Solve-Div-Left and 
Solve-Div-Right. For this weight vector, we define cores (xi,C) as the set of po¬ 
tential conflicting cores in the problem C with conflicting variable Xi. Its subset 
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woSR(xj,C) C cores (xi,C) is defined so it contains all its potential conflicting 
cores without a strong resolvent R C C. It is easy to see that | cores(x^ C)\ < 
and therefore both functions define finite sets. Now we define the weight vector 
weight c (S) for every state S = (M, C)(\~ I): 

weight c (5') = (| cores(x„, C)|, | woSR(x n , C )\,..., | cores(xi, C)|, | woSR(xi, C)|) 
By Definition [13] Conflict (-Div) is only applicable to guarded constraints and 
guarded variables are only propagated through guarded constraints. Therefore, 
the conflict I in a state (M, C) b I stays always guarded, even after an ap¬ 
plication of the Resolve rule, and Learn is only applicable to guarded con¬ 
straints. Therefore, Resolve-Cooper, Solve-Div-Left, and Solve-Div-Right are 
the only rules learning potentially unguarded constraints and thereby the only 
rules that can increase | cores(xj, C )| and | woSR(xj, C)\ between two subsequent 
states Si => cs S'i+i. After all other transitions Si => C s Si+i, it holds that 
weight c (S'i) >iex weight c (5j+i). Whenever CUTSAT+-(- applies Solve-Div-Left, 
Solve-Div-Right or Resolve-Cooper, the weight vector strictly decreases, i.e., 
weight c (S") >ie X weight c (S l ): 

1. By Lemma eh an application of Resolve-Cooper to conflicting core ( Xi,C*) 
implies that there is no strong resolvent R' C C' for (xi,C*). By Lemma [51 
the new problem C = C' U R contains a strong resolvent R for (xj,C*). 
Therefore, | woSR(x,, C)\ < | woSR(xj, C')\. By Definition [8] it holds for 
all y € vars(i?) that y -< x. Thence, Resolve-Cooper has not introduced 
new potential conflicting cores (xj. C**) with j > i and | cores(xj, C) \ < 

| cores(xj, C")| for all j > i. By LemmaITTl | woSR(xj, C)\ < \ woSR(Xj, C")| 
for all j > i. Therefore, the weight decreases after an application of Resolve- 
Cooper, i.e., weight c (S") >i ex weight c (5). 

2. Let Solve-Div-Left (Solve-Div-Right) be applied to the pair of divisibility 
constraints {Ii,h) such that top(/i) = Xi and div-solve(xi,ii, I 2 ) = 

The new constraint set is C — C \ { 11 , 12 } U The number of 

potential conflicting cores containing the same divisibility constraint I = 
d | ax + p € C" in problem C W {/} is the same for all divisibility con¬ 
straints with top(I) = x. This means, removing I\ and replacing it with 
I[ doesn’t increase the number of cores, i.e., | cores(xi, C' \ {I\} U {/(})| = 

| cores(xj, C')\. However, since I 2 G cores (xi,C r ) and we replace I 2 with I' 2 
where top^) -< x^, we will decrease the number of conflicting cores in Xj. 
It is easy to see, that we do not introduce any new conflicting cores for Xj 
with j > i. Thus | cores(xj, C) \ = \ cores(Xj, C")|. Finally, Lemma ITTl implies 
that | woSR(Xj, C)\ < \ woSR(xj, C')\ for j > i. Therefore, weight c (C") >i ex 
weight c (C). 

We deduce that the weight c vector monotonically decreases if we continue from 
the before mentioned state S s . Since > is a well-founded order, the lexicographic 
order >i ex is also well-founded. The minimum of the weight order is (..., 0,...). 
As >i ex is well-founded, there exists no way to decrease the weight weight c (C' s ) 
without reaching the minimum (..., 0,...) after finitely many applications of the 
rules Solve-Div-Left, Solve-Div-Right, or Resolve-Cooper. Finally, the weighty, 
vector cannot decrease below (... ,0,...) so CUTSAT+-I- is not able to apply 


24 





Solve-Div-Left, Solve-Div-Right, or Resolve-Cooper after we reach a state S with 
weight c (5') = (..., 0,...). We conclude that the rules Solve-Div-Left, Solve-Div- 
Right, and Resolve-Cooper are at most finitely often applicable. □ 

Next, the sequence reaches a state Sb (b > w) after a finite derivation of rule 
applications S w => cs ... => C s Sb such that for every guarded variable x the 
bounds remain invariant, i.e., lower(x, Mb) = lower(x,Mj) and upper (x,Mb) = 
upper(x, Mj) for every state Sj = (Mj,Cj)(\~ Ij ) after Sb = (Mb, C&)(F h) ( j > 
b ): The strictly-two-layered strategy guarantees that only bounds of guarded 
variables influence the propagation of further bounds for guarded variables. Any 
rule application involving unguarded variables does not influence the bounds 
for guarded variables. A proof for the termination of the solely guarded case 
was already provided in [14]. At this point we know that the sequence after Sb 
contains no further propagations, decisions, or conflict analysis for the guarded 
variables. 

Lemma 17. Let ([], Co) = So => C s S± => cs ... be a sequence of rule applica¬ 
tions applied to a problem Co, following the strictly-two-layered strategy. Then 
the sequence reaches a state Sb after finitely many rule applications So =>cs 
... => C s Sb such that such that for every guarded variable x the bounds remain 
invariant. 

Proof. This proof is based on the termination proof for CUTSAT on finite prob¬ 
lems, i.e., problems without unguarded variables [141 . It uses a weight function 
that strictly decreases whenever CUTSAT+-I- changes a bound for a guarded 
variable and otherwise stays the same. By Lemmas IlSI and fTfil we assume w.l.o.g. 
that the sequence continues from a state S w such that S w is reached by the se¬ 
quence after at most finitely many rule applications So =^cs • • • =>cs S w , 
and there is no further application of the rules Slack-Intro, Forget, Resolve- 
Cooper, Solve-Div-Left, and Solve-Div-Right after state S w . The levels of a 
state S = (M, C) is the number of decisions for guarded variables in M. The 
maximal prefix of M containing only j decisions for guarded variables is denoted 
by B-subseq ? (Af) = Mj the j-th guarded subsequence. Since CUTSAT-I—(- is rel¬ 
evant, it prefers to propagate simple constraints. This allows us to assume w.l.o.g. 
that Mo contains both a lower and upper bound for all guarded variables x. The 
guarded weight of the j-th levels is defined by the function wb(Mj): 

w B (Mj) = Ea- is guarded (upper(x, M) - lower(x, M)). 

The guarded weight of a state is the vector: 

weights((M, C)) = (rcs(B-subseq 0 (M)), • • • , rcs(B-subseq„(M))), 
where n is the number of guarded variables. We order the two weights-vectors 
of two subsequent search-states with the well-founded lexicographic order >i ex 
based on the well-founded order >. It is easy to see that the minimum of weights 
is (..., 0,...) and that any change to a bound of a guarded variable changes 
the guarded weight weighty. Furthermore, by the definition of the strictly-two- 
layered strategy, we see that we only propagate guarded variables with guarded 
constraints. Thus the strategy also implies that the conflict rules, Conflict, 
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Conflict-Div, Backjump, Resolve, Skip-Decision, Unsat, and Learn, only han¬ 
dle guarded constraints. Given the proof for Theorem 2 in H3, we see that 
every application of Propagate, Propagate-Div and Decide applied to a guarded 
variable decreases weight B strictly. We see in the same proof [H] that weighty 
strictly decreases between one application of Conflict(-Div) and Backjump as 
long as the conflict rules handle only guarded constraints - as is the case for 
CUTSAT+-1-. Since the bound sequence M is finite, the conflict rules are at most 
\M\ times applicable between one application of Conflict (-Div), and Backjump 
or Unsat. The remaining rules, Propagate, Propagate-Div and Decide applied 
to unguarded variables, have no influence on weighty or the bounds of guarded 
variables. Since the guarded weight weighty cannot decrease below (...,0,...), 
we conclude that CUTSAT+-)- is not able to change the bounds for guarded 
variables infinitely often. □ 

Next, the sequence reaches a state S u ( u > b) after a finite derivation of 
rule applications Sb =>cs • • • =>cs S u such that also for every unguarded 
variable x the bounds remain invariant, i.e. lower(x, Mb) = lower (x,Mj) and 
upper(x, Mb) = upper (x,Mj) for every state Sj = (Mj,Cj)(\~ Ij) after S u = 
(M u ,Cb)( h I u ) (j > u). After Sb, CUTSAT +-\- propagates and decides only 
unguarded variables or ends with an application of Sat or Unsat (-Div). CUT- 
SAT++ employs the strictly-two-layered strategy which is also an eager top-level 
propagating strategy. The latter induces a strict order of propagation over the 
unguarded variables through the top-variable restriction for propagating con¬ 
straints. Therefore, any bound for unguarded variable x is influenced only by 
bounds for variables y -< x. This strict variable order guarantees that unguarded 
variables are propagated and decided only finitely often. 

Lemma 18. Let ([], Co) = So => cs Si ==> C s ■ ■ ■ be a sequence of rule applica¬ 
tions applied to a problem Co, following the strictly-two-layered strategy. Then 
the sequence reaches a state S u after finitely many rule applications So => cs 
... =>cs Su such that for every unguarded variable x the bounds remain invari¬ 
ant. 

Proof. By Lemmas IT5lfl6l andfTTl we assume w.l.o.g. that the sequence continues 
from a state St, = (Mb, Cb )(P h) such that Sf, is reached by the sequence after 
at most finitely many rule applications So => C s • • • =>cs Sb and only the rules 
Sat, Unsat-Div, Propagate, Propagate-Div, and Decide are applied after Sb, 
whereas the last three only for unguarded variables. Assume for a contradiction 
that there exists an infinite CUTSAT+-(- run starting in Sb- Since there is only a 
finite number of unguarded variables and no rule to undo a decision, the Decide 
rule is applied at most finitely often. Furthermore, any application of Sat or 
Unsat-Div ends a run making it finite. This allows us to assume w.l.o.g. that 
there is no application to the rules Sat, Unsat-Div, and Decide in the infinite 
run starting in the state Sb- 

Since there are at most finitely many variables in state Sb, and no rule to 
introduce further variables after Sb, there exists a smallest unguarded variable x 
that is propagated infinitely often. We assume w.l.o.g. that the run starting in Sb 
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propagates only variables y bigger than or equal to x. Therefore, the bounds of all 
smaller variables y, remain invariant in all subsequent states Sj = (Mj, Cj){ b Ij) 
of Sb, i.e., lower(y, Mj) = lower (y,Mb) and upper (y,Mj) = upper (y, Mb). Since 
there exists no applicable rule that changes the constraint set, we notice that the 
constraint set Cb also remains invariant for all states after Sb- Thus we find all 
constraints C* used to propagate x in the set Cb- Since CUTSAT++ is eager top- 
level propagating, any constraint I € C* has x as their top variable. This leads 
us to the deduction, that bound (I,x,Mj) = bound(/, x, Mb) for all subsequent 
states Sj = ( Mj,Cj) and inequalities I £ C*. Since the bounds defined by the 
inequalities in C* remain invariant after state Sb, CUTSAT++ propagates x at 
most finitely often with inequalities. 

Therefore, there only exists an infinite CUTS ATH—h run if x is propagated in¬ 
finitely often with Propagate-Div. This allows us to assume w.l.o.g. that the run 
starting in Sb propagates x only with Propagate-Div. Next, we deduce that vari¬ 
able x stays unbounded in the remaining states of the derivation sequence. Other¬ 
wise there exists a finite set x £ {l x ,..., u x } bounding x, therefore allowing only 
finitely many propagations. In the case that x stays unbounded, the definition of 
the eager top-level propagating strategy states that Propagate-Div is only appli¬ 
cable to x if Id = d | ax+p £ C* is the only divisibility constraint in Cb with x as 
their top variable. Furthermore, we know, because of Definition llll and Lemma[3l 
that there must exist v £ Z such that d | av + lower(p, Mk) is satisfied. Now if 
we consider Lemma Q] and the conditions c = bound (D,x, M),c < upper(a;,M) 
and c = bound(D, x, M), c > lower(a;, M) of the Propagate-Div rule, then we see 
that Propagate-Div propagates x at most finitely often. More specifically, if the 
lower bound of x is lower(:r, Mb) = l x ^ —oo then Propagate-Div propagates for 
x at most v — l x lower bounds. If the upper bound of x is upper(x, Mb) = u x oo 
then Propagate-Div propagates for x at most u x — v upper bounds. This contra¬ 
dicts the assumption that x is the smallest variable propagated infinitely often, 
which in turn contradicts our initial assumption! □ 

After state S u , only the rules Sat, Unsat, and Unsat-Div are applicable, 
which lead to a final state. Hence, the sequence Sq =>cs Si =>cs • ■ • is finite. 
We conclude that CUTSAT++ always terminates: 

Theorem 19. If CUTSAT++ starts from an initial state ([],Co), then there is 
no infinite derivation sequence. 

Proof. By Lemmas [El [El El and [El CUTSAT++ reaches a state S u after 
which only the rules Sat, Unsat, and Unsat-Div are applicable, which lead to a 
final state. Therefore, CUTSAT+-1- does not diverge. □ 


5.2 Frozen States 

Our CUTSAT+-(- algorithm never reaches a frozen state. Let x be the smallest 
unfixed variable with respect to -<■ Whenever x is guarded we can propagate 
a constraint ix — b < 0 £ C and then fix x by introducing a decision. If we 
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cannot propagate any bound for x, then x is unguarded and stuck, and there¬ 
fore Slack-Intro is applicable. If we cannot fix x by introducing a decision, then 
x is unguarded and there is a conflict constraint. Guarded conflict constraints 
are resolved via the Conflict(-Div) rules. Unguarded conflict constraints are re¬ 
solved via the strong conflict resolution rules. Unless a final state is reached 
CUTSAT-H- has always a rule applicable. 

The proof outlined above works because CUTSAT++ encounters only un¬ 
guarded conflict constraints that are either the result of multiple contradicting 
divisibility constraints resolvable by Solve-Div-Left and Solve-Div-Right, or ex¬ 
pressible via a conflicting core. Since conflicting cores are only defined over con¬ 
straints and propagated bounds, we have to guarantee that CUTSAT++ never 
encounters an unguarded conflict constraint I where x = top(/) is fixed with a 
Decision. We express this property with the following invariant fulfilled by every 
state visited by CUTSAT++: 

Definition 20. A state S = (M,C)( h I) is called eager top-level propagated if 
for all unguarded variables x, all decisions ”f = xtxibinM = [M', 7 , M"\, and 
all constraints J £ C with top(J) = x: (1) all other variables contained in J are 
fixed in At' and (2) J is no conflict in S. 

Lemma 21. If S' is an eager top-level propagated state (Def. \20\) . then any 
successor state S = (M,C )(b I) reachable by CUTSAT++ is eager top-level 
propagated. 

Proof. Let S' be an eager top-level propagated state and S its successor, i.e., 
S' =» cs S. We prove this Lemma with a case distinction on the rule leading to 
the above transition: 

1. Let the applied rule be Propagate(-Div). Then S' = ( At',C') and S = 
(\AP ,x ocj b\,C'). Let J' £ C be the constraint used for propagation, i.e., 
J' fulfils the properties improves^', x, At'), bound (J',x,M') = b and J = 
tight (J 1 2 * * * * 7 , x, At') (or J = div-derive( J', x, M')). Let the unguarded variable 
y be fixed by a decided bound 7 , i.e., At' = [M", 7 , M"']. Let I £ C' be 
a constraint with top(/) = y. Since S' is eager top-level propagated, all 
variables in I are fixed in At' and At". The variable x is not fixed in At', 
because the predicate improves( J', x, At') must be true for Propagate(-Div) 
to be applicable. Therefore, x is not contained in I (or top(/) = y -< x) and 
I is still no conflict in S. Furthermore, all variables in I are still fixed in 
\AP ,x cxij 6 ]. We conclude that S is eager top-level propagated. 

2. Let the applied rule be Decide. Then S' = (M',C) and S = ([M',x xi 
6 ], C'). We will use the eager top-level propagating strategy (Def. [TT]) to prove 

that S is an eager top-level propagated successor state. We consider all un¬ 

guarded variables y decided in S' by a decided bound 7 . Let I £ C' be a con¬ 

straint with top(J) = y. The bound 7 is part of At' , i.e., M' = \M", 7 , M'"\. 

As S' is eager top-level propagated, all other variables contained in I are 

fixed in At' and At". Since lower(x, At') < upper(a:, M') is a condition of the 
Decide rule, the variable x is not fixed in At'. Therefore, x is not contained in 
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I (top(/) = y -< x), and I is still no conflict in S. Furthermore, all variables 
in I are still fixed in \M' ,x ccj bj. Next, we prove that the newly decided 
variable x does not violate that S is eager top-level propagated. Considering 
Def. |TT]2(a) we see that Def. [2U1 1 is fulfilled. Similarly, Def. [TT]2(b) enforces 
Def. [20]2. We conclude that S is eager top-level propagated. 

3. Let the applied rule be Unsat(-Div) or Sat. Then the successor state S is 
neither a search- or conflict-state. The Lemma is thereby trivially fulfilled. 

4. Let the applied rule be Forget. Then S' = (M 1 , C' U {J}} and S = (M ', C'). 
Therefore, any conflict I £ C and any decision in S is also contained in S'. 
We conclude that S is eager top-level propagated. 

5. Let the applied rule be Slack-Intro. Then S' = (M 1 , C'), a: is a stuck variable 
in S' and S = (M',C"U {—Xs < 0,x — x$ < 0, — x — x$ < 0}}. Either Slack- 
Intro was applied before and —xs < 0 £ C' or xs has upper(xs,M) = oo, 
and — xs < 0 is not a conflict in S. Since x was stuck in S', it is unfixed, 
and the top variable in the new constraints {x — xs < 0, — x — xs < 0}. We 
conclude that S is eager top-level propagated. 

6 . Let the applied rule be Resolve-Cooper. Then S' = {M',C') and S = 
( M , C'LiR c LiRk)- Notice that M = prefix(M', y) with y = min/ g /j < .{top(/)}. 
Therefore, M is the prefix of M' without decisions in variables greater or 
equal to y. Since y ■< x for all I £ R and x = top(/), we deduce that any 
I £ R that is a conflict has no decision for its top variable x in S. Since M 
is a prefix of M', every conflict I £ C' appearing in state S also appears in 
state S'. Now it is easy to see that S is eager top-level propagated because 
S' was eager top-level propagated. 

7. Let the applied rule be Solve-Div-Right. Then S' = ( M',C' U {/i,/ 2 }) and 
S = (M , C' U {/{, I' 2 }). We notice that M = prefix(M', y) with y = top^). 
Therefore, M is the prefix of M' without decisions in variables greater or 
equal to y, which includes especially the variable x = top(/i). We deduce 
that neither the top variable of I[ or I' 2 is fixed by a decision. Since M is a 
prefix of M', every conflict I £ C' appearing in state S also appears in state 
S'. Now it is easy to see that S is eager top-level propagated because S' was 
eager top-level propagated. 

8 . Let the applied rule be Solve-Div-Left. Then S' = (M',C' U { I \,/ 2 }) and 
S = (M', C' U {/{, / 2 }}- Since the bound sequence is the same in both states, 
every conflict I £ C' appearing in state S also appears in state S'. By 
the definition of the Solve-Div-Left rule, / 2 is no conflict in state S. Note 
that div-solve is an equivalence preserving transformation. Thus if I[ were a 
conflict in S, and top(/{) = x fixed by a Decision, then Ii or / 2 is a conflict 
in S'. Therefore, I[ is no conflict or top(/{) = x is not decided by a Decision. 
Now it is easy to see that S is eager top-level propagated because S' was 
eager top-level propagated. 

9. Let the applied rule be Conflict or Conflict-Div. Then S' = (M', C) and 
S = (M', C) b I. It is easy to see that S is eager top-level propagated 
because S' is eager top-level propagated. 

10. Let the applied rule be Resolve or Skip-Decision. Then S' = ([M, 7 ], C') h J' 
and S = ( M , C') h J. Since M is a prefix of M', every conflict I £ C' 
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appearing in state S also appears in state S'. Now it is easy to see that S is 
eager top-level propagated because S' was eager top-level propagated. 

11. Let the applied rule be Learn. Then S' = ([M', 7 ], C') h I and S = (M', C' U 
I) h I. Since CUTSAT +-\- uses a two-layered strategy (Def. IT5j) . / is a 
guarded constraint. Now it is easy to see that S is eager top-level propagated 
because S' was eager top-level propagated. 

12. Let the applied rule be Backjump. Then S' = (|M', 7 , M"\, C') b I and 
S = ([M', 7 7 ], C'). Since CUTSAT++ uses a two-layered strategy (Def. HCH). 
/ is a guarded constraint. Now it is easy to see that S is eager top-level 
propagated because S' was eager top-level propagated. 


□ 

Since the initial state {[]. Cq ) fulfils the eager top-level propagated proper¬ 
ties trivially, it is clear that CUTSAT++ produces only eager top-level states, 
except for the final states. The eager top-level propagated property is so im¬ 
portant, because it allows us to show that CUTSAT++ resolves any conflict I 
it encounters. In case the conflict is a guarded constraint this is done with the 
conflict rules. Otherwise, the conflict I is an unguarded constraint and CUT- 
SAT++ simulates weak Cooper elimination with the strong conflict resolution 
rules. First, we use Solve-Div-Left to simulate Phase I. This either ends with a 
call to Solve-Div-Right resolving the conflict or CUTSAT++ finds a conflicting 
core. Then the conflicting core is resolved with the rules Resolve-Cooper. 

Lemma 22. Let S = (M, C) be a state reachable by CUTSAT++. Let I 6 C be 
a conflict in state S. Then state S is not frozen. 

Proof. Assume for a contradiction that state S is frozen. W.l.o.g. we assume that 
x = top(/) is the smallest variable in our order that is top variable in a conflict 
I' E C. If x is a guarded variable then Conflict or Conflict-Div is applicable, 
which contradicts our initial assumption! Therefore, x is an unguarded variable. 
Furthermore, all variables y smaller than x are fixed. Otherwise, we deduce for 
the smallest unfixed variable y that either 

— y is stuck and Slack-Intro is applicable 

— Propagate is applicable to a constraint I' where top [I') = y 

— C contains at least two divisibility constraints I\ , I 2 that have y as their top 
variable and Solve-Div-Left or Solve-Div-Right is applicable 

— S contains a diophantine conflicting core ( y,Id ) and Resolve-Cooper is ap¬ 
plicable 

— Decision is applicable to y because all conditions in Def. [lT]2 are fulfilled 

Since S is eager top-level propagated and / is a conflict with top variable x, we 
know that state S contains no decision for x (Def. [20] and Lemma l2lTl . W.l.o.g. 
we assume that C contains at most one divisibility constraint Id with x as 
its top variable. Otherwise, Solve-Div-Left or Solve-Div-Right are applicable, 
which contradicts our initial assumption! Let x > bi be the strictest lower bound 
bi = bound(a;,A,M, >) for an inequality Ii E C with top variable x or —00 if 
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there is no inequality propagating a lower bound. Let x < b u be the strictest 
upper bound b u = bound(x, I U ,M, <) for an inequality I u £ C with top variable 
x or oo if there is no inequality propagating an upper bound. Since the strictly- 
two-layered strategy forbids the application of Forget to unguarded constraints, 
CUTSAT+-t- never removes an unguarded inequality. Furthermore, any bound 
x ix] b propagated from a divisibility constraint requires another bound x cc b 1 
propagated from an inequality. We deduce that b u ^ oo if upper(x, M) ^ oo and 
bi —oo if lower(x, M) ^ — oo. Next, we do a case distinction on whether the 
bounds b u and bi are finite: 

— Let b u = oo and bi = —oo. Then it holds for all inequalities ax + p < 0 that 
lower ( ax+p) = —oo. Thus I is no inequality. A divisibility constraint is only 
a conflict if lower(x, M) ^ —oo and upper (x, M) ^ oo. This contradicts the 
assumption that I is a conflict. 

— Let b u = oo and bi £ Z. Then it holds for all inequalities ax + p < 0 with 
a < 0 that lower(ax + p) = —oo. Thus / is no inequality. A divisibility 
constraint is only a conflict if lower(x, M) ^ —oo and upper(x,M) ^ oo. 
This contradicts the assumption that I is a conflict. 

— Let bi = —oo and b u £ Z. Then it holds for all inequalities ax + p < 0 
with a > 0 that lower(ax + p) = —oo. Thus / is no inequality. A divisibility 
constraint is only a conflict if lower(x, M) ^ —oo and upper(x,M) ^ oo. 
This contradicts the assumption that I is a conflict. 

— Let b u < bi. Then (x, {/;,/„}) is a conflicting core, and Resolve-Cooper is 
applicable. This contradicts the assumption that no rule is applicable. 

— Let {6;,..., b u } 0. Then I is not an inequality. If (x, {/;, I u ,Id}) is a con¬ 
flicting core, then Resolve-Cooper is applicable contradicting our initial as¬ 
sumption. Therefore, there exists a solution bd £ { bi ,..., b u } for x satisfying 
Id ■ Let D be the set of divisibility constraints used to propagate a bound for x 
in M. All constraints D' C D not contained in C, i.e., D' = D\C = D\{Id} 
were eliminated with div-solve. It is easy to see that there exists a set of con¬ 
straints D* = D** U {Id} contained in C that implies satisfiability of D: 

D* = D**U{I d } D , 

and D** contains only variables y smaller than x (Proof the same as for 
Lemma El). In state S, the set of divisibility constraints D* is fixed, and 
satisfied under the partial assignment of M. Otherwise S would contain 
a conflict /' £ D* C C with top(/') -< x. This implies that the solution 
bd 6 {bi, ■ ■ ■, b u } for x that satisfies Id in M, also satisfies D U {Id}- Further¬ 
more, all propagated constraints are satisfied if x is set to bd- 
lower(x,M) < bd < upper(x,M). 

This contradicts the assumption that there exists a conflict I with top (I) = 

x. 


□ 


The remainder of the proof follows directly the proof outline from above: 

Theorem 23. Let S = (M 7 C) be a state reachable by CUTSAT++. Then S is 
not frozen. 
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Proof. Assume for a contradiction that S = (M, C) is a frozen state. It is easy 
to see that CUTSAT++ can propagate at least two bounds for every guarded 
variable and afterwards use a Decision to fix them. Therefore, we assume that 
all guarded variables are fixed. By Lemma (25J there is no conflict in state S. 
Since there is no conflict, at least one variable is unfixed or rule Sat [IT would 
be applicable. Therefore, there must exist a smallest unfixed and unguarded 
variable x. With the Slack-Intro-rules CUTSAT++ introduces for all variables 
at least one lower or upper bound. Therefore, there exists a violation to the 
conditions in Def. [TQ 2 or Decide would be applicable to x. Since x is the smallest 
unfixed variable, condition Def. |TT] 2 (a) holds. Def. |TT] 2 (c) is also easy to satisfy 
by applications of Solve-Div-Left or Solve-Div-Right. Therefore, Def. [TT] 2(b) is 
violated. This implies that there exists a constraint I £ C that is a conflict 
in S' = ([M, 7 ],C), where 7 is a decision in x and x = top(/). However, by 
Lemma [55J it is n °t possible that I € C is a conflict in S or S would not be 
frozen. Finally, / is a conflict only in S' and not S if Propagate(-Div) is applicable 
to I. With Solve-Div-Left and Solve-Div-Right it is relatively easy to fulfil the 
conditions for Def. Q3J1 and therefore Propagate(-Div) is applicable. We conclude 
that CUTSAT++ has always one applicable rule, which is a contradiction to our 
assumption! □ 


5.3 Proof for Completeness 

All CUTSAT++ rules are sound, i.e., if (Mi, Ci )(h A) =^ cs (A/j, Cj)(\~ Ij ) then 
any satisfiable assignment v for Cj is a satisfiable assignment also for Ci. The 
rule Resolve-Cooper is sound because of the Lemmas [2] and [3] The soundness 
of Solve-Div-Left and Solve-Div-Right follows from the fact that div-solve is an 
equivalence preserving transformation. The soundness proofs for all other rules 
are either trivial or given in El- 

Summarizing, CUTSAT++ is terminating, sound, and never reaches a frozen 
state. This in combination with obvious properties of the rules Sat, Unsat, and 
Unsat-Div implies completeness: 

Theorem 24. If CUTSAT++ starts from an initial state (0,Co) then it ei¬ 
ther terminates in the unsat state and Cq is unsatisfiable, or it terminates with 
(u,sat) where v is a satisfiable assignment for Cq. 

Proof. By Theorem ITUl CUTSAT++ is terminating. By [14], and the Lemmas 
[2] and [3] CUTSAT+- 1 - is sound. By Theorem l23l CUTSAT+-(- never reaches a 
frozen state. Since CUTSAT++ is terminating and never reaches a frozen state, 
every application of CUTSAT++ ends via the rules Sat, Unsat, or Unsat-Div in 
one of the final states. The rule Sat is only applicable in a state (M, C) where 
v[M\ satisfies C and because of soundness also Co- The rules Unsat and Unsat- 
Div are only applicable to states (M, C)(h I) where the constraint set C contains 
a trivially unsatisfiable constraint. In this case, it follows from the soundness of 
the CUTSAT+- 1 - rules that Cq is unsatisfiable. □ 
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6 Conclusion and Future Work 

The starting point of our work was an implementation of CUTSAT [14] as a 
theory solver for hierarchic superposition [S|. In that course, we observed diver¬ 
gence for some of our problems. The analysis of those divergences led to the 
development of the CUTSAT+-1- algorithm presented in this paper, which is 
a substantial extension of CUTSAT by means of the weak Cooper elimination 
describe in Section [3] 

As a next step, we plan to develop a prototypical implementation of CUT- 
SAT++, to test its efficiency on benchmark problems. Depending on the out¬ 
come, we consider integrating CUTSAT++ as a theory solver for hierarchic 
superposition modulo linear integer arithmetic [§]. 

Finally, we point at some possible improvements of CUTSAT++. We see 
great potential in the development of constraint reduction techniques from (weak) 
Cooper elimination [3]. For practical applicability such reduction techniques 
might be crucial. The choice of the variable order -< has considerable impact 
on the efficiency of CUTSAT++. It might be possibly to derive suitable or¬ 
ders via the analysis of the problem structure. We might benefit from results 
and experiences of research in quantifier elimination with variable elimination 
orders. 
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